CVE-2018-18625

MEDIUM6.1EPSS 0.83%

Grafana XSS via adding a link in General feature

Published: 1/30/2024Modified: 6/28/2024

Also known as:GHSA-6wh2-8hw7-jw94GO-2024-2483

Description

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

Affected packages (2)

Go/github.com/grafana/grafanafrom 0, < 6.0.0-beta1
Go/github.com/grafana/grafanafrom 0, < 6.0.0-beta1+incompatible

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (5)

ADVISORYhttps://github.com/advisories/GHSA-6wh2-8hw7-jw94
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-18625
WEBhttps://github.com/grafana/grafana/pull/11813
WEBhttps://github.com/grafana/grafana/pull/14984
WEBhttps://security.netapp.com/advisory/ntap-20200608-0008